#!/usr/bin/perl -w # simple script for using ping, finger, traceroute # and queso on your web page. # # by Michal Suszycki $QUESO = "./queso"; #path to queso program print "Content-type:text/html\n\n"; #every CGI script need this # file "logi" will be used to log connections open(LOG,">>./logi") or die "Cannot open log file. $!\n"; #we want to log every connection sub dologging { ($RUSER = "unknown") unless ($RUSER = $ENV{REMOTE_IDENT}); print LOG scalar(localtime),"\t"; print LOG "$RUSER\@$ENV{REMOTE_ADDR} $ENV{REMOTE_PORT}\t$ENV{SCRIPT_FILENAME} $ENV{QUERY_STRING}\n"; } sub title { $text = shift @_; print<

$text


EOF } #this procedure displays error message sub error { $text = shift @_; print "
$text
"; footer(); exit(0); } #it will be a last line of every html page sub footer { print ""; } #QUERY_STRING is empty - it means we should display html form if (!$ENV{QUERY_STRING}){ dologging(); # Traceroute
#html form page print<CGI FUN

CGI FUN
Host
Ping
Finger (you can type hostname or user\@hostname)
Queso  
port (default is 80)

If you leave host field blank address of your machine will be used.
EOF } else { dologging(); print ""; # every argument scripts gets as an environment QUERY_STRING. # we have to parse it and find out hostname and want to run: ie. ping, queso. $arg=$ENV{QUERY_STRING}; ($hostarg,$whatarg)=split("&",$arg); ($a,$host) = split("=",$hostarg); $portarg = 80; if ($ENV{QUERY_STRING} =~ /.*=(\d+)$/){ $portarg = $1; } # if hostname field (in the html form) was empty we'll use address of # client machine if (!$host) { $host=$ENV{REMOTE_ADDR}; } # spaces and switches in the hostname are forbidden if ($host =~ /.*\+.*/ or $host =~ /^-.*/){ error("Invalid hostname."); } error("Hostname too long.") unless (length($host) < 64); error("Invalid port.") unless ($portarg > 0 and $portarg < 65535); # we don't want someone to use 'localhost' hostname if ($host =~ /^127.*|localhost/){ print "

You'd better choose another host ;-)

"; exit 0; } if ($host =~ /.*%2F.*|^\.$/){ error("Indvalid hostname"); } ($b,$what) = split("=",$whatarg); # here goes the action - run selected program on the server SWITCH:{ if ($what eq "ping") { title("Pinging $host (3 packets)"); @result=qx/ping -c 3 $host 2>&1 /; last SWITCH; } if ($what eq "traceroute") { title("Tracerouting $host from $ENV{SERVER_NAME}"); @result=qx/traceroute $host 2>&1 /; last SWITCH; } if ($what eq "finger") { if ($host =~ /\w+@\w+/){ # $host =~ s/%40/@/g; title("Fingering user $host"); @result=qx/finger $host 2>&1/; } else { title("Finger \@$host"); @result=qx/finger \@$host 2>&1/; } print "
";
		foreach $row (@result){
		print "$row
";
		}
		print "
"; footer(); exit(0); } if ($what eq "queso") { title("OS identification (using port $portarg)
Target: $host"); @result = qx/$QUESO -p $portarg $host 2>&1/; last SWITCH; } } # and show results - try to colorize a little bit print ""; foreach $row (@result){ $row =~ s/ / /g; $row =~ s/(\d+%.*packet.*loss)/$1<\/font>/g; $row =~ s/(---.*?---)/$1<\/font>/g; $row =~ s/.*[cC]onnection refused.*/Connection refused by <\/font>/; print ""; } print "
$row
"; footer(); }